U.S. military forcing IT industry ‘eat your own dog food’

The U.S. military is ratcheting up the pressure on its network suppliers to deploy IPv6 on their own networks and Web sites so they can gain operational experience and fix bugs in the products they are selling that support the next-generation Internet protocol.

For years, the Defense Department in public forums and private conversations has been pushing network hardware and software companies to use their own IPv6 products, a practice known as “eating your own dog food” in tech industry parlance.

Complete info at NetworkWorld

How Accurate is the Routing Registry?

The Internet Routing Registry (IRR) is a globally distributed routing information database that consists of several databases run by various organisations. Network operators use the IRR to publish their routing policies and routing announcements in a way that allows other network operators to make use of the data. In addition to making Internet topology visible, the IRR is used by network operators to look up peering agreements, determine optimal policies and to configure their routers.

Last month we looked at the completeness of the RIPE Routing Registry (RIPE RR). The encouraging results were presented in an earlier post on CircleID: How Complete is the RIPE Routing Registry?

This month, we wanted to find out how accurate the data in the RIPE RR really is; how well does the data match the information in the BGP routing tables? The more accurate the data in the RR the more useful it is for other operators.

The image below shows the percentage of route objects (for IPv4 address space; shown in blue) and route6 objects (for IPv6 address space; shown in red) in the RIPE RR that match a real route in the BGP routing table. In this context, a “match” means either the exact prefix is registered, or a number of less or more specific prefixes where the total matches the prefix announced in real life are registered.

For IPv4 route objects, the percentage is very high and stable for the last few years — between 85% and 90%. This means that almost all organisations that receive an ASN from the RIPE NCC and that originate a route in BGP have a matching route object registered in the RIPE Routing Registry.

For IPv6, the numbers are a little lower at 80%, but it’s growing steadily over time.

The high number of matches between data in BGP and in the RIPE Routing Registry suggests that operators use the RR for operational purposes. It would be interesting to see if not just the prefixes but also the routing policy matches, but that is more complicated and would require a different look at the data.

For more details, please refer to Interesting Graph – How Accurate is the RIPE Routing Registry.

Written by Mirjam Kuehne

The Christmas Goat, IPv6 and DNSSEC!

The city of Gävle in Sweden have a special Christmas tradition for which it is quite famous. Every year in December a giant Christmas Goat in straw is put in to place in one of the central town squares. In relation to this tradition a sub-tradition has emerged which the city is even more renowned for — to burn down the poor Christmas Goat. This is of course an “illegal” act, but still of quite some interest!

Web-cameras showing the status of the Christmas Goat have been put up by the city of Gävle, primarily in a purpose of control. However, when someone sets fire to the poor Goat, the traffic and need for bandwidth tend to go sky-high for these cams.

It is with this background that the IT-department within the city of Gävle turned to me and my company with questions about load sharing the traffic. Since the traffic is quite substantial and visitors come from all over the world, I gave it some thought and came to the following conclusion: Why not combine business with pleasure?! I accepted the request with the following therms: loadsharing for the site AND at the same time validating the use of IPv6 and DNSSEC.

So, at the time of the premier of the 2010 Christmas Goat, 28/11 – 2010, the following was done:

www.julbockmedipv6ochdnssec.se/kamera1 and www.julbockmedipv6ochdnssec.se/kamera2 were set up in order to:

• Track native IPv6 with a RR with A and AAAA.

http://www.julbockmedipv6ochdnssec.se/ipv4.jpg

• Track those who can run IPv6 with a RR with only one AAAAA.

http://pic6.julbockmedipv6ochdnssec.se/ipv6.jpg

• Track validating DNS-resolvers with a domain that has a faulty DNSSEC.

http://pic.try2readme.se/dnssec.jpg

The result we got showed that native IPv6 was in use by very few users. Quite a few of them ran 6to4 but nobody(!) used Teredo. The fact that nobody seemed to use Teredo raised some questions and we started to investigate. A standard search on Google gave us nothing so we moved on to a contact on Microsoft that supplied us with the following link.

http://msdn.microsoft.com/en-us/library/aa965910(VS.85).aspx

Basically this says that Windows Vista/7 don’t do DNS-entries after AAAA RR if the only active IPv6 alternative is Teredo. Here you can start to wonder why Microsoft bothered to have Teredo active, but perhaps we should have that discussion some other time.

Upon that we changed the IPv6-link to:

http://[2001:b48:10:3::215]/ipv6.jpg

After that the use of Teredo increased.

Up until today, 13/12 – 2010, the result is as follows:

• 0,1% has reached the site with native IPv6.

• 52% of the visitors have reached http://[2001:b48:10:3::215]/ipv6.jpg and 53% of them use 6to4 and 47% use Teredo.

• 44% of the visitors validate DNSSEC but do not reach http://pic.try2readme.se/dnssec.jpg

My reaction to the results is that the use of validation of DNSSEC is surprisingly low. It is also surprising that the use of 6to4 and Teredo is this high! If we take in account that 40% of the visitors run Windows XP, the figure is even more surprising. I guess that this shows that the people with interest in the Christmas Goat in Gävle also are well prepared for the future with a dual-stack that seems to work well. (If we don’t count the failure from Microsoft with Teredeo… But hey, it is soon Christmas so let´s be nice :)

Conclusion: The Gävle Christmas Goat can be used to much more than first intended.

More information about the Gävle Christmas Goat on:

http://en.wikipedia.org/wiki/G%C3%A4vle_goat

http://www.merjuligavle.se/Bocken/In-English/

Merry Christmas!

Written by Torbjörn Eklöv, CTO, Senior Network Architect, DNSSEC/IPv6

Stipv6 lanceert de IPv6 Ready Ranking

De Stichting IPv6 Nederland, Stipv6, lanceert maandag 13 december de website www.ipv6ready.nl. Deze site geeft dagelijks een actueel overzicht van de 100 door Nederlandse websurfers meest bezochte websites en hun beschikbaarheid via het nieuwe Internet Protocol, IPv6. Het doel is om websites die bereikbaar zijn via IPv6 extra onder de aandacht te brengen. Hoe eerder veel-bezochte websites bereikbaar worden via IPv6, des te soepeler zal de overgang van het oude IPv4- naar het nieuwe IPv6-internet verlopen. Alle grote internetaanbieders zijn in voorbereiding om IPv4 en IPv6 tijdelijk gelijktijdig aan gebruikers te bieden. Echter zolang de meest populaire websites niet bereikbaar zijn over het “nieuwe internet” wordt de investering in IPv6 geschikte modems door internet aanbieders uitgesteld.

De website www.ipv6ready.nl is één van de initiatieven van de Stichting IPv6 Nederland (Stipv6). Stipv6 wil helderheid brengen in het verloop van de invoering van het nieuwe Internet Protocol versie 6. Stipv6 richt zich met name op voorlichting, audits en keurmerken. De website www.ipv6ready.nl is hier een voorbeeld van. Voor de komende maanden staan verder op het programma het publiceren van de IPv6-geschiktheid van internettoegangsdiensten en van software.

De overstap van IPv4-nummering naar IPv6-nummering is nodig omdat het huidige internet in Europa in minder dan 12 maanden geen vrije adressen meer heeft. Als bedrijven en overheden niet massaal in actie komen om de nieuwe oplossing IPv6 voor dit adrestekort in te voeren, zal het internet binnen één jaar niet meer kunnen groeien. Hierdoor zal economische schade ontstaan omdat de levering van Internet aansluitingen en Internet enabled devices zoals smart-phones en ipads vertragen. Een goed technisch alternatief om IPv4-nummers te hergebruiken of te delen om zo het oude IPv4 internet langer te gebruiken is er niet.

IPv6, voluit Internet Protocol versie 6, is de nieuwe versie van IP, het systeem dat op alle computers op de wereld de verbinding met internet mogelijk maakt. Van de huidige IPv4-adressen is op dit moment nog maar 2% beschikbaar. Bedrijven zullen op korte termijn hun websites, netwerken, computers en programma’s geschikt moeten maken voor IPv6 om in de toekomst bereikbaar te blijven voor hun klanten en leveranciers. De oprichting van Stipv6 sluit aan op initiatieven van de Europese Commissie en het Ministerie van Economische Zaken, die sinds 2005 aandacht vragen voor het komende tekort aan adressen in het huidige internet.

De oprichters van de Stichting IPv6 Nederland zijn Paul Boot, Frits Nolet (penningmeester), Hans van Oosten, Harold Schoemaker (secretaris), Sander Steffann en Joost Tholhuijsen (voorzitter). Allen hebben op specifieke vlakken (software, infrastructuur, systeembeheer) ervaring met IPv6 en de raakpunten met de rest van de ICT-omgeving. De stichting wil in de markt zorgen voor duidelijkheid op het gebied van IPv6-geschikte producten, diensten en trainingen.

IPv6 : Rumours Are More Accurate Than Predictions

In May Yves Poppe wrote:

“May 7th we learned that two /8’s had been allocated to RIPE, the European Regional registry, Rumour has it that APNIC is also getting a couple very soon as well as ARIN. If this materializes only nine ‘slash eights’ will be left to distribute. Depletion clocks are being adjusted; today May 12th Potaroo predicts September 9th 2011 to be the fatidic day for IANA depletion and that on April 8th 2012 the ultimate surviving little block living in liberty will be allocated.”

Today I can write:

November 30th we learned that two /8’s had been allocated to RIPE and two to ARIN, two are left in the free pool. Rumour has it that they are spoken for by APNIC and that they are waiting for January to claim them. If this materializes nothing will be left in IANA’s free pool to distribute. Depletion clocks are being adjusted again; today December 11tth, Potaroo predicts February 23th 2011 to be the fatidic day for IANA depletion and that on November 23th 2011 the ultimate surviving little block living in liberty will be allocated.

As rumours tend to be more accurate than predictions, the last /8’s are hanging already on this years Christmas tree and one should hurry to get hold of a small little RIR block to put on next year’s tree.

I will miss the decade of heated and passionate debates between Tony Hain and Geoff Huston on when the exhaustion would actually happen. Estimates ranged all the way from 2008 to 2020 with Tony predicting early demise of IPv4 addresses while Geoff initially thought exhaustion would come later. As time passed the interval converged and here we are.

Many ISP’s and corporations watched the clock tick and tick and felt they had all the time in the world. They might have been right for some time but at midnight they might find themselves turned into IPumpkins.

Some still persist in the thinking that, using some clever artifacts, the inevitable can be delayed maybe even indefinitely. Although improbable, it is not impossible. The beauty of the future is its many possible outcomes.

Did I have a plan B if IPv6 would not happen? Yes indeed, it is called dual stack. Our AS6453 global tier1 IP network is totally dual stack as for the last five years every traffic and business growth driven upgrade and expansion has mandated IPv4 and IPv6 support. This made the actual exhaustion date an invariable even under the extreme scenario that IPv6 would never have happened. Indeed, our IP transit revenue is just that, IP revenue, v4 plus v6 flavours independently of their proportion.

With the end of the exhaustion clock business, a traffic mix clock would be an interesting and entertaining little tool. When will IPv6 represent 10, 20, 50, 88, 99% of total IP traffic? Make your predictions and let us start some rumours.

I just read that Free in France is about to announce a new ‘freebox’ some name ‘la v6’. Considering that they have the worlds biggest number of IPv6 enabled end users, IPv6 traffic will grow faster than we would have projected yesterday. Interesting to note that the write-up also refers to VoIP rumours; VoIPv6 ?

Happy New Year!

Written by Yves Poppe, Director, Business Development IP Strategy at Tata Communications

Verizon Launches IPv6 Transition Services

Verizon’s (VZ) professional services arm has introduced a service to convert networks to IPv6, anticipating that large organizations will soon need help with such projects.
Complete info at CIO, PC World and ComputerWorld.